package servlets;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.regex.Pattern;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class EditJob extends HttpServlet {

	Connection conn = null;
	Statement stmt = null;
	String fname = "";
	String lname = "";
	String country = "";
	String town = "";

	public void doPost(HttpServletRequest req, HttpServletResponse res)
			throws ServletException, IOException {
		try {
			// Get a Connection to the database
			conn = DatabaseConection.getConnectionToDB();
			stmt = conn.createStatement();
			// Add the data into the database
//			getColumnsValue(req, Integer.parseInt(req.getParameter("id_edit")));
			if(isSqlInjectionAttack(req.getParameter("firstname_edit"))){
				System.out.println("attack detected");
			} else {
				
			getColumnsValue(req, req.getParameter("firstname_edit"));
//			String sql = "update authors set FirstName='"
//					+ req.getParameter("firstname_edit") + "', LastName='"
//					+ req.getParameter("lastname_edit") + "', Country='"
//					+ req.getParameter("country_edit") + "', Town='"
//					+ req.getParameter("town_edit") + "' where FirstName='"
//					+ req.getParameter("firstname_edit")+"'";
			String sql = "update authors set LastName='"
					+ req.getParameter("lastname_edit") + "', Country='"
					+ req.getParameter("country_edit") + "', Town='"
					+ req.getParameter("town_edit") + "' where FirstName='"
					+ req.getParameter("firstname_edit")+"'";
			System.out.println(sql);
			stmt.executeUpdate(sql);
			System.out.println(sql);
			res.sendRedirect("http://localhost:8080/RoadRunner/");
			}
		} catch (ClassNotFoundException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (SQLException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} finally {
		}

	}

//	private void getColumnsValue(HttpServletRequest req, int id)
//			throws SQLException {
//		initializeColumns(id);
//		if (req.getParameter("firstname_edit") != ""
//				&& req.getParameter("firstname_edit") != null) {
//			fname = req.getParameter("firstname_edit");
//		}
//		if (req.getParameter("lastname_edit") != ""
//				&& req.getParameter("lastname_edit") != null) {
//			lname = req.getParameter("lastname_edit");
//		}
//		if (req.getParameter("country_edit") != ""
//				&& req.getParameter("country_edit") != null) {
//			country = req.getParameter("country_edit");
//		}
//		if (req.getParameter("town_edit") != ""
//				&& req.getParameter("town_edit") != null) {
//			town = req.getParameter("town_edit");
//		}
//	}
	
	private boolean isSqlInjectionAttack(String string) {
		System.out.println(string);
		return Pattern.matches("/\\w*((\\%27)|(\\'))((\\%6F)|o|(\\%4F))((\\%72)|r|(\\%52))/ix", string);
	}

	private void getColumnsValue(HttpServletRequest req, String name)
			throws SQLException {
		initializeColumns(name);
		if (req.getParameter("firstname_edit") != ""
				&& req.getParameter("firstname_edit") != null) {
			fname = req.getParameter("firstname_edit");
		}
		if (req.getParameter("lastname_edit") != ""
				&& req.getParameter("lastname_edit") != null) {
			lname = req.getParameter("lastname_edit");
		}
		if (req.getParameter("country_edit") != ""
				&& req.getParameter("country_edit") != null) {
			country = req.getParameter("country_edit");
		}
		if (req.getParameter("town_edit") != ""
				&& req.getParameter("town_edit") != null) {
			town = req.getParameter("town_edit");
		}
	}
	
	private void initializeColumns(String name) throws SQLException {
		String sql = "SELECT * FROM Authors WHERE FirstName = '" + name+ "'";
		ResultSet rs = stmt.executeQuery(sql);
		while (rs.next()) {
			// Retrieve by column name
			fname = rs.getString("FirstName");
			lname = rs.getString("LastName");
			country = rs.getString("Country");
			town = rs.getString("Town");

		}
	}

//	private void initializeColumns(int id) throws SQLException {
//		String sql = "SELECT * FROM Authors WHERE ida=" + id;
//		ResultSet rs = stmt.executeQuery(sql);
//		while (rs.next()) {
//			// Retrieve by column name
//			fname = rs.getString("FirstName");
//			lname = rs.getString("LastName");
//			country = rs.getString("Country");
//			town = rs.getString("Town");
//
//		}
//	}
}
